command-skill-creator
Pass
Audited by Gen Agent Trust Hub on Apr 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a meta-instruction set for generating automation tools. It explicitly promotes security best practices such as least privilege (allowed-tools), human-in-the-loop (STOP and wait for user approval), and preventing autonomous execution of side effects (disable-model-invocation: true).
- [COMMAND_EXECUTION]: The skill involves the creation of commands that execute shell operations (e.g., git, docker, kubectl). These are documented as intended for developer workflows. The instructions include specific guidance on avoiding hardcoded absolute paths and using environment-relative variables like ${CLAUDE_PROJECT_DIR}.
- [EXTERNAL_DOWNLOADS]: The skill mentions standard development ecosystem tools and package managers (npm, pnpm, docker) in the context of project maintenance and deployment tasks.
- [PROMPT_INJECTION]: The skill ingests user prompts and conversation history, which define the logic of the generated commands. While no explicit boundary markers or sanitization for this input are mentioned, the risk of indirect injection is mitigated by the skill's design, which requires a human-led audit step and manual placement of the generated file. The skill's primary capabilities include file system operations and bash execution required for code generation.
Audit Metadata